Trust in electronic environment through digital signatures

PKI Framework under the IT Act
Central to the growth of e-commerce and e-governance is the issue of trust in electronic environment. The future of e-commerce and e-governance depends on the trust that the transacting parties place in the security of transmission and the content of communication.

Creating trust in electronic environment involves assuring the transacting parties about the integrity and confidentiality of the content of documents along with authentication of the sending and receiving parties in a manner that ensures that both the parties cannot repudiate the transaction. The paper based concepts of identification, declaration and proof are carried through the use of digital signatures in electronic environment. Digital signatures, a form of electronic signatures, are created and verified using Public Key Cryptography that is based on the concept of a key pair generated by a mathematical algorithm, the public and private keys.

The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now accepted at par with handwritten signatures and the electronic documents that have been digitally signed are treated at par with paper documents.

The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.

The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it operates, the Root Certifying Authority of India (RCAI). The CCA also maintains the National Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the CAs in the country.

CCA at the root of the trust chain in India.